4 matches found
@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1163 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)
class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: OSV:GHSA-6GP3-H3JJ-PRX4...
CVE-2020-7637
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2020-7637
CVE-2020-7637 affects class-transformer versions prior to 0.3.1. The vulnerability stems from classToPlainFromExist allowing a proto payload to pollute Object.prototype, enabling attacker-controlled modification of object properties. Impact is described as prototype pollution; upstream fixes requ...
@3volutions/welle7.lib (=1.0.1), @acathur/koa-decorator-ts (>=2.7.0 <=2.7.4) +1163 more potentially affected by CVE-2020-7637 via class-transformer (>=0.1.10 <=0.2.3)
class-transformer NPM version =0.1.10, =2.7.0, =1.0.0, =0.1.0, =0.0.4, =0.0.1, =1.0.1, =0.0.1, =1.3.0-next.2, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.9, =0.0.18 and more Source cves: CVE-2020-7637 Source advisory: SNYK:JS-CLASSTRANSFORMER-564431...